Configure L2TP IPSec Phase 1 Advanced Settings

Phase 1 Advanced Settings:

NAT Traversal

  • If you want to build a VPN tunnel between the Firebox and L2TP VPN clients that are behind a NAT device, select the NAT Traversal check box. NAT Traversal, or UDP Encapsulation, enables traffic to get to the correct destinations.
  • In the Keep-alive interval text box, type or select the number of seconds that pass before the next NAT keep-alive message is sent.

Dead Peer Detection (RFC 3706)

  • Use the Dead Peer Detection check box to enable or disable traffic-based dead peer detection. When you enable dead peer detection, the Firebox connects to a peer only if no traffic is received from the peer for a specified length of time and a packet is waiting to be sent to the peer. This method is more scalable than IKE keep-alive messages.
  • In the Traffic idle timeout text box, type or select the amount of time (in seconds) that passes before the Firebox tries to connect to the peer.
  • In the Max retries text box, type or select the number of times the Firebox tries to connect before the peer is declared dead.

Dead Peer Detection is an industry standard that is used by most VPN clients that support IPSec. We recommend that you select Dead Peer Detection if your L2TP VPN clients support it.
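The traffic-based behavior described above, modeled as an added example (not WatchGuard code): a probe goes out only when the peer has been silent for the Traffic idle timeout and a packet is waiting to be sent, and the peer is declared dead after Max retries unanswered probes. The class and function names, the 5-second retry interval, and the event timeline are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class DpdPeer:
    idle_timeout: float          # "Traffic idle timeout", seconds
    max_retries: int             # "Max retries"
    retry_interval: float = 5.0  # assumed gap between probes; not given on the page
    last_rx: float = 0.0
    probes_sent: int = 0
    next_probe_at: float = 0.0
    dead: bool = False

    def on_receive(self, now: float) -> None:
        """Any inbound packet from the peer proves liveness and resets probing."""
        self.last_rx = now
        self.probes_sent = 0
        self.next_probe_at = 0.0

    def on_outbound(self, now: float) -> str:
        """Decide what happens when a packet is waiting to be sent to the peer."""
        if self.dead:
            return "tunnel-down"
        if now - self.last_rx < self.idle_timeout:
            return "send"            # peer heard from recently, no probe needed
        if now < self.next_probe_at:
            return "wait"            # previous probe still outstanding
        if self.probes_sent >= self.max_retries:
            self.dead = True         # every retry went unanswered
            return "peer-dead"
        self.probes_sent += 1
        self.next_probe_at = now + self.retry_interval
        return "probe"

def replay(peer, events):
    """Replay (time, kind) events; return the decision for each outbound packet."""
    decisions = []
    for now, kind in events:
        if kind == "rx":
            peer.on_receive(now)
        else:
            decisions.append((now, peer.on_outbound(now)))
    return decisions

# Constructed timeline: the peer answers until t=28, then goes silent.
TIMELINE = [(0, "rx"), (10, "tx"), (25, "tx"), (27, "tx"), (28, "rx"), (29, "tx"),
            (60, "tx"), (65, "tx"), (70, "tx"), (75, "tx"), (80, "tx")]

if __name__ == "__main__":
    for when, decision in replay(DpdPeer(idle_timeout=20, max_retries=3), TIMELINE):
        print(f"t={when:>3}s  {decision}")
```

Between t=29 and t=60 the model sends no probes at all, because nothing is waiting to be sent; a fixed-interval keep-alive would have sent messages throughout that quiet period.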

See Also

Edit the Mobile VPN with L2TP Configuration